Mobile transactions using a generic nfc smart sticker with authentication

ABSTRACT

A method for transmitting data between a mobile communication device and a server. The method includes running a mobile application on the mobile communication device. The mobile application is hosted on the mobile communication device through the server as a Software as a Service (SaaS). The method further includes transmitting data associated with the mobile application between the mobile communication device and the server, in which transmission of the data between the mobile communication device and the server is monitored through the server.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of application Ser. No. 11/939,821,filed Nov. 14, 2007, titled METHOD AND SYSTEM FOR SECURING TRANSACTIONSMADE THROUGH A MOBILE COMMUNICATION DEVICE, all of which is incorporatedby reference herein in its entirety.

FIELD OF INVENTION

The present invention relates to data communications and wirelessdevices.

BACKGROUND OF THE INVENTION

Mobile communication devices—e.g., cellular phones, personal digitalassistants, and the like—are increasingly being used to conduct paymenttransactions as described in U.S. patent application Ser. No.11/933,351, entitled “Method and System For Scheduling A BankingTransaction Through A Mobile Communication Device”, and U.S. patentapplication Ser. No. 11/467,441, entitled “Method and Apparatus ForCompleting A Transaction Using A Wireless Mobile Communication Channeland Another Communication Channel, both of which are incorporated hereinby reference. Such payment transactions can include, for example,purchasing goods and/or services, bill payments, and transferring fundsbetween bank accounts. Given the sensitive nature of personal money orbanking data that may be stored on a mobile communication device as aresult of the ability to transact payments, it is critical to protect auser from fraudulent usage due to, e.g., loss or theft of a mobilecommunication device.

BRIEF SUMMARY OF THE INVENTION

In general, in one aspect, this specification describes a method fortransmitting data between a mobile communication device and a server.The method includes running a mobile application on the mobilecommunication device. The mobile application is hosted on the mobilecommunication device through a management server. The method furtherincludes transmitting data associated with the mobile applicationbetween the mobile communication device and the server, in whichtransmission of the data between the mobile communication device and themanagement server is monitored through the management server.

Implementations can include one or more of the following features.Transmitting data can include generating a session key that is onlyvalid for a given communication session between the mobile communicationdevice and the server. The method can further include disabling use ofthe mobile application running on the mobile communication devicethrough the management server by invalidating the session key. Themethod can further include timing out a given communication sessionbetween the mobile communication device and the management server aftera pre-determined amount of time to prevent theft of data that isaccessible through the mobile application. Transmitting data associatedwith the mobile application between the mobile communication device andthe management server can include prompting a user to enter a paymentlimit PIN in response to a pending purchase exceeding a pre-determinedamount. The payment limit PIN can be applied to all purchases globallyor on a per-payment basis. The method can include use of biometrics toauthenticate the user before authorizing the transaction. The mobileapplication can comprise a payment transaction application that permitsa user to perform one or more of the following services including billpayment, fund transfers, or purchases through the mobile communicationdevice. The mobile application can permit a user to subscribe to each ofthe services separately.

The details of one or more implementations are set forth in theaccompanying drawings and the description below. Other features andadvantages will be apparent from the description and drawings, and fromthe claims.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates one implementation of a block diagram of acommunication system including a wireless mobile communication device.

FIG. 2 illustrates one implementation of the wireless mobilecommunication device of FIG. 1.

FIG. 3 illustrates one implementation of a method for authenticating auser.

FIG. 4 illustrates one implementation of a method for remotely lockinguse of a mobile application on a mobile communication device.

Like reference symbols in the various drawings indicate like elements.

DETAILED DESCRIPTION OF THE INVENTION

FIG. 1 illustrates one implementation of a communication system 100. Thecommunication system 100 includes a hand-held, wireless mobilecommunication device 102 a point-of-sale device 104 and a remote server106. In one implementation, the mobile communication device 102 includesa mobile application (discussed in greater detail below) that permits auser of the mobile communication device 102 to conduct paymenttransactions. Payment transactions can include, for example, usingcontactless payment technology at a retail merchant point of sale (e.g.,through point of sale device 104), using mobile/internet commerce (e.g.,purchase tickets and products, etc.), storage of payment information andother digital artifacts (receipts, tickets, coupons, etc), storage ofbanking information (payment account numbers, security codes, PIN's,etc.), and accessing banking service (account balance, payment history,bill pay, fund transfer, etc.), and so on.

In one implementation, the mobile application running on the mobilecommunication device 102 implements one or more of the following toolsto secure data that may be stored and presented on the mobilecommunication device 102 as a result of a payment transaction. Themobile application can implemented one the mobile communication device102 through a management server which hosts and operates (eitherindependently or through a third-party) the application for use by itscustomers over the Internet, or other wireless network (e.g., a privatenetwork), or a wired network. In one implementation, customers do notpay for owning the software itself but rather for using the software. Inone implementation, the mobile application is accessible through an APIaccessible over the Web (or other network). The mobile application caninclude a multi-factored PIN-based login and authentication, and includesession keys and have command-level authentication. In oneimplementation, the mobile application running on the mobilecommunication device 102 can be remotely locked through a remote server(e.g., remote server 106). In one implementation, a PIN request can beimplemented to limit the amount of purchases that can be made. Further,security codes for different payment methods can be implemented toprotect a user. Each of these tools is discussed in greater detailbelow.

FIG. 2 illustrates one implementation of the mobile communication device102. The mobile communication device 102 includes a mobile application200 that (in one implementation) is provided to the mobile communicationdevice 102 through a remote server (e.g., remote server 106). In oneimplementation, the mobile application is a Mobile Wallet applicationavailable from Mobile Candy Dish, Inc., of Berkeley, Calif. Providingthe mobile application as a hosted service enables central monitoringand management of all security aspects of the service at the remoteserver. In addition, data (corresponding to a payment transaction) canbe stored on the remote server (e.g., remote server 106 (FIG. 1)) in asecure manner. In one implementation, the remote server is a managementserver that is can be maintained by Mobile Candy Dish or a trusted thirdparty, as described in U.S. patent application Ser. No. 11/933,351. Forexample, the data can be securely stored on the remote server usingconventional PCI guidelines. Hence, in the event the mobilecommunication device 102 is lost (or stolen), no confidential data canbe recovered as no data is stored on the mobile communication device102. In addition, an added benefit is that a user can recover seamlesslyby syncing new mobile communication device (via new installation of themobile application) with the service. Thus, in one implementation,sensitive information (e.g., banking account numbers, credit cardaccount numbers, expiry dates, and so on) are never stored on the mobilecommunication device. This reduces risk and exposure of the user'sprivate information and data.

Client Login and Authentication

In general, while effort is made to minimize storage of sensitive userinformation and data in a memory of a mobile communication device, inone implementation, some data is stored in the memory of a mobilecommunication device due to reasons of performance, usability and userexperience. For example, data may need to be stored on a mobilecommunication device in the following circumstances. Paymentcredentials, coupons, tickets, and so on may have to be stored on thesecure element of an NFC phone. Account balance, banking paymenthistory, etc., may be locally cached on a mobile communication device.In one implementation, a user can opt-in to save payment method securitycodes in the client (or mobile application) for convenience. Ticketsand/or coupons may be locally cached so that a user can redeem thetickets and/or coupons in an offline mode. For example, a mobilecommunication device may be offline in a situation in which networkconnectivity inside a building is degraded, and storing a ticket and/orcoupon in a local cache of the mobile communication device permits theuser to access the ticket or coupon.

In addition to data partitioning, in one implementation, users have anability to subscribe to different services. For example, User A maysubscribe to “Mobile Payments” and “Mobile Banking” services, while UserB may only subscribe to “Mobile Banking” and “What's Nearby” services.Hence, in one implementation, the mobile application includes amechanism to enable/disable different services on the Client based onparticular services to which users are subscribed. Table 1 belowillustrates example services that are enabled/disabled based on usersubscriptions.

TABLE 1 USER SERVICE SUBSCRIPTION STATUS User A Money Manager DisabledUser B Money Manager Transaction Only User C Money Manager Transaction,Payment User D Money Manager Transaction, Payment, BillPay, FundTransferThe above example control access to the Money Manager service and whatprivileges within the service a given user can perform. This will beused by the Client (mobile application) to enable/disable availablefeatures on the Client.

In one implementation, when a user subscribes to a mobile wallet theuser is assigned credentials that include a unique WalletID, SiteKey, auser-defined PIN, as well as tokens that specify access and privilegesfor the different services. FIG. 3 illustrates one implementation of amethod 300 for authenticating a user. User input is received (through amobile communication device) logging into the mobile application service(step 302). In one implementation, when a user attempts to login withthe client, the user is prompted to enter login credentials (e.g.,mobile phone number, 1-time activation code, Wallet PIN, etc.). Asession key is generated (step 304). In one implementation, the sessionkey is a unique server-generated session key that is valid only for theduration of a given session. In one implementation, the session key isused to ensure the server can identify the client and ensure that theclient has been previously authenticated. Upon a successful login, theserver will transfer credentials, service access and privileges (step306), which are locally cached on the mobile communication device. Theservice access and privileges control the behavior of the client. In oneimplementation, to prevent command spoofing, the session key is passedin every API server call. The server will validate (every time) thesession key is valid. If valid, the API server call is processed.Failure to validate the session key will cause a failure. In such acase, the client will flush the cached PIN and force the user tore-authenticate (or re-login).

Remote Lock

In one implementation, a mobile application running on a mobilecommunication device can be remotely locked (or disabled) byinvalidating a session key. Users, via calling a Customer Care, apersonal web portal, or some other mechanism, can implement changes(e.g., change PIN, etc.) that causes the server to invalidate thesession key. In real-time, the next attempt by the client to issue anAPI server call, validation of the session key will fail, which (in oneimplementation) causes the client to automatically flush the cached PINand session key, and force the user to re-authenticate. In addition, theclient can perform additional actions, in addition to flushing thecached PIN and session key. This includes, but is not limited to, one ormore of the following: changing the secure element mode to effectivetemporarily or permanently disable the secure element—i.e., a user canremotely alter the state of the smart chip to lock it remotely; anddeleting all cached data stored in the memory (or disk) of the mobilecommunication device.

Session Time Out

In one implementation, while a client is open, a user has access totransaction data. In such an implementation, users who may misplace amobile communication device while the client is open may expose the userto risk of information theft. Therefore, in one implementation, mobileapplication (or client) shuts down after a period of inactivity.Additional tasks that can be associated with the shutdown procedure caninclude, but is not limited to, temporarily shutting down a secureelement (of the mobile communication device) to prevent NFC payments,NFC coupon redemption, and NFC ticket redemption.

Payment Limit PIN

For payments (mobile commerce ticket purchase, etc.), in oneimplementation a user can prevent either fraudulent purchases oraccidental purchases by forcing a PIN prompt when a purchase amountexceed a user-specified value. In one implementation, a user can controlthis behavior globally (e.g., across all users' payment methods) or on aper-payment-method basis. Thus, when a user purchases ticket and selectsa payment method (to pay for purchase), if the transaction amountexceeds a specified payment method's limit, the client will trigger andprompt for the PIN. In order to proceed with purchase, the user has toenter the correct PIN. The user's input is validated against the cachedPIN on the client. The payment transaction will proceed if validated.Otherwise, an appropriate response is generated to the user.Effectively, this is a mechanism for the user (not the Merchant orIssuing Bank) to throttle/control the dollar amount that can beauthorized for various payments and transactions. In the event of acontactless purchase, the client controls the smart chip. In the eventof an electronic purchase (ticketing, etc.), a server can manages thecontrols.

Local Storage of Payment Security Codes

As a convenience to users, a user can opt-in and have only the securitycodes (CVV, etc.) associated to each of their payment methods locallystores on the client. In one implementation, management tools areprovided to add/delete/edit these security codes. In one implementation,the security codes are encrypted (Key Management of encryption keyperformed by a server) and then only stored in the client on the mobilecommunication device. In one implementation, security codes are notstored in any form on the server. The encryption key and security codescan be kept separately to prevent fraudulent usage.

Although the present invention has been particularly described withreference to implementations discussed above, various changes,modifications and substitutes are can be made. Accordingly, it will beappreciated that in numerous instances some features of the inventioncan be employed without a corresponding use of other features. Further,variations can be made in the number and arrangement of componentsillustrated in the figures discussed above.

1. A system comprising: memory operable to maintain a near fieldcommunication (NFC) application; a processor configured to execute theNFC application in response to an initial detection of a near fieldcommunication trigger by an NFC terminal, wherein the processor iscoupled to the memory, wherein it is determined that a data exchangebetween a mobile application running on a mobile device and a remoteserver has occurred, wherein the remote server permits a user associatedwith the mobile application running on the mobile device to conduct anNFC transaction as a result of the data exchange; an NFC wirelesstransceiver configured to send transaction data to the NFC terminal,wherein the memory, processor, and NFC wireless transceiver are includedin a secure element, wherein the secure element is coupled to the mobiledevice, the mobile device supporting a first communication channel forcellular data, wherein the NFC wireless transceiver is configured tosend transaction data by using a second communication channel differentfrom the first communication channel, wherein the NFC wirelesstransceiver is further configured to receive response information at thesecure element from the NFC terminal through the second communicationchannel; and a radio wireless transceiver configured to transmitresponse information from the secure element to the mobile device. 2.The system of claim 1, wherein the data exchange includes exchanging anidentification code.
 3. The system of claim 2, wherein theidentification code is a personal identification number (PIN).
 4. Thesystem of claim 1, wherein the data exchange includes using a sessionkey that is a shared key.
 5. The system of claim 1, wherein the NFCapplication is a payment application and the transaction data includespayment credentials.
 6. The system of claim 5, wherein the NFC terminalis a point-of-sale terminal.
 7. The system of claim 1, wherein the NFCapplication is an identity application and the transaction data includesidentity credentials.
 8. The system of claim 7, wherein the NFC terminalis a point-of-entry terminal.
 9. The system of claim 1, wherein the NFCapplication is a ticket application and the transaction data includespayment credentials.
 10. The system of claim 1, wherein the NFCapplication is a coupon application and the transaction data includescoupon information.
 11. The system of claim 1, wherein the secureelement is physically coupled to the mobile device but electricallydecoupled from electrical interior components of the mobile device. 12.The system of claim 1, wherein the secure element is physically coupledto the mobile device and electrically coupled to electrical interiorcomponents of the mobile device.
 13. The system of claim 1, wherein thesecure element is included within the body of a memory card configuredfor placement in a memory card slot in the mobile device.
 14. The systemof claim 1, wherein the secure element is embedded within the body ofthe mobile device.
 15. The system of claim 1, wherein the secure elementincludes a radio frequency (RF) absorbent material in an outer shellhousing the secure element to shield the secure element frominterference generated by the interior components of the mobile device,wherein the outer shell has a maximum width of 25 mm and a maximumthickness of 5 mm.
 16. A system comprising: maintaining a near fieldcommunication (NFC) application in a memory included in a secureelement; executing the NFC application using a processor in response toan initial detection of a near field communication trigger by an NFCterminal, wherein the processor is coupled to the memory, wherein theNFC application is executed after it is determined that a data exchangebetween a mobile application running on a mobile device and a remoteserver has occurred, wherein the remote server permits a user associatedwith the mobile application running on the mobile device to conduct anNFC transaction as a result of the data exchange; sending transactiondata to the NFC terminal from the secure element using an NFC wirelesstransceiver, wherein the secure element is coupled to the mobile device,the mobile device supporting a first communication channel for cellulardata, wherein the NFC wireless transceiver is configured to sendtransaction data using a second communication channel different from thefirst communication channel, wherein the NFC wireless transceiver isfurther configured to receive response information at the secure elementfrom the NFC terminal through the second communication channel; andtransmitting response information to the mobile device from the secureelement.
 17. The method of claim 16, wherein the data exchange includesexchanging an identification code.
 18. The method of claim 17, whereinthe identification code is a personal identification number (PIN). 19.The method of claim 16, wherein the data exchange includes using asession key that is a shared key.
 20. The method of claim 16, whereinthe NFC application is a payment application and the transaction dataincludes payment credentials.
 21. The method of claim 20, wherein theNFC terminal is a point-of-sale terminal.
 22. The method of claim 16,wherein the NFC application is an identity application and thetransaction data includes identity credentials.
 23. The method of claim22, wherein the NFC terminal is a point-of-entry terminal.
 24. Themethod of claim 16, wherein the NFC application is a ticket applicationand the transaction data includes payment credentials.
 25. The method ofclaim 16, wherein the NFC application is a coupon application and thetransaction data includes coupon information.